module OpenAccount

    # mix this class into a user controller to get login functionality
    module OpenAccountController

        #        def self.included(base)
        #            base.class_eval do
        #
        #            end
        #        end

        public
        
        def new
            render
        end

        def create
            cookies.delete :auth_token
            @user = User.new(params[:user])
            @user.save!
            self.current_user = @user
            current_user.activate # for now activate all users by default
            redirect_back_or_default('/')
            flash[:notice] = "Thanks for signing up!"
        rescue ActiveRecord::RecordInvalid
            render :action => 'new'
        end

        def activate
            self.current_user = params[:activation_code].blank? ? :false : User.find_by_activation_code(params[:activation_code])
            if logged_in? && !current_user.activated?
                current_user.activate
                flash[:notice] = "Signup complete!"
            end
            redirect_back_or_default('/')
        end

        def check_email

        end

        def api_key
            login_required
            if request.post?
                current_user.generate_api_key
            else
                current_user.api_key
            end
        end

        def forgot_password
            # Always redirect if logged in
            if current_user
                flash[:message] = 'You are currently logged in. You may change your password now.'
                redirect_to :action => 'change_password'
                return
            end

            # Email disabled... we are unable to provide the password
            if !OpenAccountConfiguration.config(:use_email_notification)
                flash[:message] = "We are currently unable to reset your password online.  Please contact the system admin at #{OpenAccountConfiguration.config(:admin_email)} to reset your password."
                redirect_back_or_default :action => 'signin'
                return
            end

            if request.post?
                # Handle the :post
                if params[:email].empty?
                    flash[:warning] = 'Please enter a valid email address.'
                elsif (user = User.find_by_email(params[:email])).nil?
                    flash[:warning] = "We could not find a user with the email address #{params[:email]}"
                else
                    begin
                        key = user.forgot_password
                        url = url_for(:action => 'reset_password', :password_reset_code => key)
                        UserNotify.deliver_forgot_password(user, url)
                        flash[:notice] = "Instructions on resetting your password have been emailed to #{params[:email]}"
                        redirect_back_or_default :action => 'signin'
                    rescue Exception => e
                        service
                        flash.now[:warning] = "There was a system error and we just don't know what happened.  Password could not be emailed to #{params[:email]}.  Please contact the system admin at #{OpenAccountConfiguration.config(:admin_email)} and we'll see if a real human can help."
                    end
                end
            end
        end

        def reset_password
            password_reset_code = request.post? ? params[:password_reset_code] : params[:id]
            return unless !password_reset_code.nil?
            if @user = User.find_by_password_reset_code(password_reset_code)
                self.current_user = @user
                redirect_to(:action => 'change_password')
            else
                logger.error "Invalid Password Reset Code entered."
                flash[:notice] = "Invalid Password Reset Code entered. Please check your Code and try again."
            end
        end

        def change_password
            login_required
            return unless request.post?
            if (params[:password] == params[:password_confirmation])
                flash[:notice] = current_user.change_password(params[:password], params[:password_confirmation]) ? "Password changed" : "Password not changed"
            else
                flash[:notice] = "Password mismatch"
            end
        end


    end

end
